Install Nessus Scanner on AlmaLinux 9: Best Network Security

By Posted on

Install Nessus Scanner on AlmaLinux 9: Best Network Security

In this guide, you will learn to Install Nessus Scanner on AlmaLinux 9. Nessus is a network security scanner. It utilizes plug-ins, which are separate files, to handle the vulnerability checks. This makes it easy to install plug-ins and to see which plug-ins are installed to make sure that you are current.

Nessus uses a server-client architecture. The main server will need to be built on a supported Unix-like operating system. The client is available for Unix, Linux, and Windows.

You can now proceed to the guide steps below on the Orcacore website to complete the Nessus Essentials (free version) Setup on AlmaLinux 9.

Steps To Install and Configure Nessus Scanner on AlmaLinux 9

To complete this guide, you must log in to your server as a non-root user with sudo privileges and set up a basic firewall. To do this, you can follow our guide on Initial Server Setup with AlmaLinux 9.

Now follow the steps below.

1. Download Nessus for AlmaLinux 9

First, you need to update your local package index with the following command:

sudo dnf update -y

Then, you need to visit the Nessus Downloads page and download the latest installer with the following command:

sudo curl --request GET 
  --url 'https://www.tenable.com/downloads/api/v2/pages/nessus/files/Nessus-10.4.1-es9.x86_64.rpm' 
  --output 'Nessus-10.4.1-es9.x86_64.rpm'

Note: The specific version number (e.g., 10.4.1) in the URL might be outdated. Always check the Tenable website for the latest version available for AlmaLinux 9.

2. Install Nessus Scanner on AlmaLinux 9

When your download is completed, run the following command to install the Nessus scanner on your server:

sudo rpm -ivh Nessus-10.4.1-es9.x86_64.rpm

3. Manage Nessus Scanner Service

At this point, you need to start and enable your Nessus service by using the following commands:

# sudo systemctl start nessusd
# sudo systemctl enable nessusd

Verify your Nessus scanner is active and running on AlmaLinux 9:

sudo systemctl status nessusd
**Output**
● nessusd.service - The Nessus Vulnerability Scanner
     Loaded: loaded (/usr/lib/systemd/system/nessusd.service; enabled; vendor p>
     Active: **active** (**running**) since Sun 2023-01-15 05:11:37 EST; 22s ago
   Main PID: 70963 (nessus-service)
      Tasks: 13 (limit: 23609)
     Memory: 96.6M
        CPU: 21.099s
     CGroup: /system.slice/nessusd.service
...

4. Configure Firewall For Nessus

Here we assumed that you have enabled firewalld. Now you need to allow Nessus port through the firewall. To do this, run the command below:

sudo firewall-cmd --zone=public --permanent --add-port 8834/tcp

Reload the firewall to apply the new rules:

sudo firewall-cmd --reload

5. Access Nessus Scanner Web Interface

At this point, you can access your Nessus web interface by typing your server’s IP address in your web browser followed by 8834:

https://<server-ip>:8834

You will see the Nessus Scanner welcome page. At this point, you need to choose how you want to deploy Nessus. Select a product to get started.

Here we choose Nessus Essentials – The free version for educators, students, and hobbyists.

Nessus Essentials
Nessus Essentials

Then, you need to enter your information to register and get an activation code from Nessus on AlmaLinux 9.

Nessus Essentials Active Code

After that, you need to enter the Nessus activation code that you have received and click continue.

Nessus Registration

Next, you need to create a Nessus admin user on AlmaLinux 9 and click submit.

Create a Nessus User Account

At this point, you need to wait while Nessus prepares the files to scan your assets. When it is completed, you will see your Nessus Dashboard.

Nessus dashboard

6. Create First Scan with Nessus on AlmaLinux 9

At this point, we want to show you how to scan your AlmaLinux system for vulnerabilities via the Nessus web dashboard. From your Nessus dashboard, click on My Scans and click Create a new scan.

Next, select the scan templates for your new scan. Here we use the template ‘Basic Network Scan’.

At this point, you need to enter a name for your scan, the description, the folder for storing the scan, and the target server. Then, click Save to save the new scan.

From your ‘My Scan’ page, you will see the new scan that you just created. Click the start button to start the scan.

That’s it you are done.

Conclusion

At this point, you have learned to Install and Configure the Nessus scanner on AlmaLinux 9. Nessus Essentials is used in AlmaLinux 9 for vulnerability scanning and security assessments. It helps identify security risks, misconfigurations, and compliance issues in the system. Knowing how to Install Nessus Scanner on AlmaLinux 9 is important for any network administrator or security professional.

Hope you enjoy it. You may also like these articles:

Install Chkrootkit on AlmaLinux 9

Set up Time Synchronization on AlmaLinux 9

Linux Kernel 6.14 Features and Release Date

Remote Desktop Solution for Linux in 2025

Alternative Solutions for Vulnerability Scanning on AlmaLinux 9

While Nessus is a powerful and widely used vulnerability scanner, several alternative solutions exist that can provide similar functionality, sometimes with different strengths and weaknesses. Here are two such alternatives:

1. OpenVAS (Greenbone Vulnerability Manager):

OpenVAS is a free and open-source vulnerability scanner and vulnerability management system. It’s a direct alternative to Nessus and often considered a good choice for organizations looking for a cost-effective solution. Like Nessus, OpenVAS uses a continuously updated feed of Network Vulnerability Tests (NVTs) to identify vulnerabilities in systems. It also provides a web-based interface for managing scans, viewing results, and generating reports. Installing OpenVAS on AlmaLinux 9 involves using the dnf package manager, configuring the database, and updating the NVT feed.

  • Explanation: OpenVAS offers a comprehensive vulnerability scanning solution, supporting various scan types, including authenticated and unauthenticated scans. The Greenbone Security Manager (GSM) is the commercial version, offering additional features and support. The OpenVAS community is active, and the NVT feed is regularly updated, ensuring the scanner stays current with the latest vulnerabilities. One key advantage is that it is completely free of charge, making it attractive for budget-conscious users.

  • Installation Code Example:

    sudo dnf install greenbone-security-assistant greenbone-scanner greenbone-openvas-scanner
sudo systemctl start greenbone-security-assistant
sudo systemctl enable greenbone-security-assistant
sudo systemctl start greenbone-scanner
sudo systemctl enable greenbone-scanner
sudo openvas-setup

    After installation, access the web interface through a browser, typically at https://<server-ip>. You may need to create an administrative user during the setup process. After that, you can begin configuring and running vulnerability scans.

2. Lynis:

Lynis is another free and open-source security auditing tool for Linux, macOS, and other Unix-based systems. Unlike Nessus and OpenVAS, which are primarily network vulnerability scanners, Lynis focuses on host-based security assessments. It performs in-depth security audits by running numerous tests on the system, checking for configuration weaknesses, software vulnerabilities, and compliance issues.

  • Explanation: Lynis is especially useful for hardening systems and ensuring they adhere to security best practices. It provides detailed reports with suggestions for improving the system’s security posture. While it doesn’t directly scan for network vulnerabilities like Nessus, it complements network scanners by identifying local vulnerabilities and misconfigurations that could be exploited. Lynis is a command-line tool and does not have a web interface. Its reports are generated in text format.

  • Installation and Usage Code Example:

    sudo dnf install lynis
sudo lynis audit system

    After running the lynis audit system command, Lynis will perform a series of security checks and generate a detailed report. The report will highlight any issues found, along with recommendations for remediation. The user then needs to manually review the report and implement the recommended changes.

These alternative solutions offer different approaches to vulnerability scanning and security auditing on AlmaLinux 9. Nessus, OpenVAS, and Lynis each have their own strengths and weaknesses. The choice of which tool to use depends on the specific requirements and priorities of the organization or individual. Remember to regularly update your chosen scanner’s vulnerability definitions for optimal security. Knowing how to Install Nessus Scanner on AlmaLinux 9 alongside these alternatives allows for comprehensive security.

Related posts: